AWS Security: Practical Tips for Compliance Managers
AWS is releasing new services all the time, yet it seems like a black box to many people. Compliance managers need to be highly attuned to the work that happens inside their organization’s AWS environments. Given the flexibility provided by AWS and the ease with which developers can spin up new services, compliance managers need to work with their engineers to put guardrails in place to prevent accidents from happening.
Join this presentation by Ayman Elsawah, Founder of Cloud Security Labs and AWS Security Expert, to learn what to look for in AWS and how to put proper guardrails around your organization’s AWS usage to ensure security and compliance.
What you will learn:
- What to look for in your AWS environments and specific questions to ask your engineers.
- Prioritized approach towards securing your AWS Accounts
- How to utilize AWS Organizations and native AWS services to set up guardrails on your accounts at scale, whether it’s 10 accounts or 100 accounts.
- How you can more easily collect and manage evidence of your security and compliance measures for your next audit
Recorded Jun 11 2021, 60 mins
The presentation will cover an introduction to ThaiCERT and Cybersecurity situation in Thailand, observed trends and issues during COVID-19 and response to cybersecurity incidents with GMS (Government Monitoring System).
Dr. Hing-Yan LEE, Dietrich BENJES, Ferdinand FONG, Sai HONIG, Stephanie King-Chung HUNG, Sheralynn TJIOE
According to one source, there are about 3 million cybersecurity professionals worldwide, and we need an additional 4 million cybersecurity professionals. The question for the panelists today is what we can do to address the shortfall in such expertise. With the greater cloud usage and increased cloud adoption during the pandemic period, many enterprises have pivoted to the cloud, creating a dire demand for cloud security professionals. The job is definitely cut out for our panelists. The panel hopes to address the challenge of having enough cybersecurity professionals and discuss what employers can do to build necessary working experience for the individuals.
Moderator: Dr. Hing-Yan LEE (EVP APAC, CSA)
- Dietrich BENJES (VP & GM APAC, Qualys)
- Ferdinand FONG (Chair, Protem Committee, CSA Sarawak Chapter)
- Sai HONIG (Co-founder, New Zealand Network for Women in Security)
- Stephanie King-Chung HUNG (SVP Cloud Business, Mission Software and Services, Digital Systems, ST Engineering, Singapore)
- Sheralynn TJIOE (Team Manager – Cyber Security & Big Data, HAYS)
With the improvement of private cloud technologies and the increased adoption of hyper-converged infrastructure, there is an increase in the use of hybrid cloud architecture in many organizations. In this new hybrid multi-cloud world, there is a need to understand what we should look at to improve the security posture of such deployments. This session aims to highlight the various areas of concern and some recommendations on how to enhance the security of the hybrid multi-cloud environment.
IoT Cloud Convergence elevated the Smart Vehicle Ecosystem boosted by Mobility. With enhanced experience, Security challenges increased manifold. Striking a balance between risks & user experience became the most challenging ball game. Secure Cloud capabilities can be strategically used to address technology risks.
Cloud native computing is a new software development approach, not an infrastructure approach as commonly misconstrued. Come and hear what constitutes cloud native and learn more about the various security guidelines from Singapore, NIST and CSA, which can guide you to adopt cloud native computing in a secure manner.
May-Ann LIM (ED, Asia Cloud Computing Association, Singapore)
The term “data sovereignty” has been used to cover a multitude of policy approaches, but what exactly does it mean? Join Executive Director of the Asia Cloud Computing Association (ACCA) Lim May-Ann as she unpacks the various facets of the term, and examines the impact it has on cloud consumers.
The Multi-Tier Cloud Security Standard was revised in 2020, and some changes have been made to reflect user concerns and changing technology. We look at what is new, and what is unchanged, and what (in the speaker's biased view) remains undone.
The internet of Things (IoT) brings increased connectivity to all industries and business markets, enabling a wide range of services for customers, stakeholders, and service providers. IoT security risks could result in loss of business or life. Device manufacturers and organizations can leverage CSA's IoT framework to reduce risk to an acceptable level by implementing end-to-end security controls.
The presentation aims to provide a synopsis of the latest release of the Cloud Controls Matrix version 4, a greater insight into its development and new components, the current activities of the CCM WG (ongoing, published and future works) and finally an update on CSA’s STAR program and transition policy from CCMv3.0.1 to CCMv4.0.
Prof. Ryan KO (Chair & Director, UQ Cyber Security, University of Queensland, Australia)
At the heart of all cyber and cloud security attribution challenges is the problem of data provenance tracking and its reconstruction. In this talk, I will cover past, present and developing provenance research in computer science, and cover its relation and usefulness to accountability, traceability, trust, forensics and proactive cloud and cyber security. It will feature some of the cloud data provenance research I have conducted in the past decade, discuss unsolved (or seemingly unsolvable) problems, and will discuss some of the recent developments in academia, industry, and international standards.
Developed by CSA and ISACA to meet the unique demands of evaluating and auditing cloud-based environments, the Certificate of Cloud Auditing Knowledge (CCAK) is the first credential that industry professionals can obtain to demonstrate their expertise in understanding the essential principles of auditing and assessing cloud computing systems.
In his presentation Daniele Catteddu will describe the rationales behind the creation of the CCAK and offer an overview of the CCAK body of knowledge, including cloud security components based on CSA’s Security, Trust, Assurance & Risk (STAR) and Cloud Controls Matrix (CCM), as well as highlight key differentiators from other IT audit certification programs and illustrate the benefits of earning your CCAK.
The need to properly manage secrets is an essential part of the software development lifecycle. It can also be a tedious and time-consuming, not to mention error-prone, effort. Having a strong, enforced policy on secret rotation is essential. But it can also be complicated. First, you need to determine where all of your secrets are used, then you need to generate new ones, document this happened and why, put new secrets wherever they are supposed to be used, and also document the entire process in the end — preferably without breaking everything.
You are likely wondering with all of this complication if it is even possible to come up with a way to properly manage secrets, especially in diverse, multi-cloud environments. The key is to look at this as a coding problem with a coding solution. Join Shikha Chawla, lead architect for Adobe I/O, and Scott Webster, cloud engineer, for insight into best practices for implementing an automated approach to secrets management. They will discuss what we have learned here at Adobe that works best for our application development and security teams that we hope will provide solid guidance you can use to implement your own automation program for secrets management.
Yuval Shchory, Head of Product Management, Cloud Security
How can cybersecurity catch up to the business, while still maintaining a dynamic, resilient, and secure operation? Transitioning and operating in the cloud is no longer just about moving from your on-premises data centers. It’s about optimizing connections between branch offices to home offices, and accelerating the development and deployment of applications – all while remaining secure and compliant!
Join us and find ways to squeeze the full business benefits out of the cloud through consolidation, visibility, automation, and intelligence.
The most common cloud security issue facing organizations today is a database containing sensitive data that’s inadvertently accessible to the internet. It seems every week another brand is in the headlines because attackers exploited this situation to steal data. So why is it so hard for security teams to answer the simple question, “do we have a publicly exposed database?” In this session, we’ll dive into the complexity of cloud and Kubernetes networking that gives rise to this problem and what security teams can do to break through this complexity and discover the at-risk database in their own cloud environments.
Join IntSights to see firsthand recent intelligence on how threat actors deploy ransomware against various industry targets, as well as how the sophistication of ransomware continues to evolve.
Attend this session to hear IntSights' Yotam Katz and Andrey Yakovlev review:
• The latest trends in ransomware
• Best practices and practical steps for considering and countering threats
• How threat intelligence can be used to contextualize indicators of compromise
• Insights into threats beyond the horizon...
Dimitri Sirota, Gary Patterson, and Sarah Hospelhorn of BigID
Modern multi-cloud environments are complex, noisy, and full of sensitive data. It’s critical to gain visibility and control for data in the cloud - to reduce risk, get more value from your data, and take a strategic and scalable approach to data management.
Join Dimitri Sirota, Co-founder, and CEO of BigID, to explore how to build a data visibility and control framework for the cloud. You’ll learn:
- Challenges to data visibility and control across data centers in the cloud
- How ML and automation will fuel next-generation data management that extends to privacy, security, and governance
- Key steps to building a sustainable and scalable framework for cloud data management
Dr. Hing-Yan LEE, Madhav CHABLANI, Stephanie King-Chung HUNG, Ts. Saiful Bakhtiar OSMAN
The term “data sovereignty” has often been used by stakeholders (including cloud service consumers, cloud service providers, sectoral regulators) to mean different things. Just like the term "cloud computing" in the initial years, there are no widely agreed definitions; so the question "What do you understand by this term?" naturally arises. Is it about: (a) data residency; (b) data localization; (c) data protection; (d) ... etc. What do these other terms mean anyway? Some parties commented that the above measures are too prescriptive and hide the real motivations; there are indeed innovative solutions to address those motivations. The panel discussion will identify the real motivations for data sovereignty. Some regulated sectors (e.g., finance, healthcare & healthcare) seem most paranoid about data sovereignty; they must have good reasons. Join us as the panelists endeavour to help us to understand the downsides and upsides to data sovereignty.
MODERATOR: Dr. Hing-Yan LEE (EVP APAC, CSA)
- Madhav CHABLANI (Chairman, CSA NCR Chapter & Consulting CIO, TippingEdge Consulting)
- Stephanie King-Chung HUNG (SVP Cloud Business, Mission Software and Services, Digital Systems, ST Engineering)
- Ts. Saiful Bakhtiar OSMAN (Head of IT, APAC, ASCENT Fund Services)
Educational series on cloud computing, security and privacy.
CSA CloudBytes was launched as a webinar series to help us educate the industry on all matters related to the cloud. Our channel is designed to inform our audience about trending topics, new technologies, and the latest research. Learn more at cloudsecurityalliance.org. Join the Cloud Security Alliance on LinkedIn and follow us on Twitter: @cloudsa